Linux system opens ports 3306, 8080, etc. to the outside world, detailed explanation of firewall settings

Often, after installing a web service application (such as Tomcat or Apache) on a Linux system, we need to allow other computers to access it, but the firewall on Linux systems (CentOS, Red Hat, etc.) opens only port 22 to the outside by default.

The port settings of the Linux system are configured in the /etc/sysconfig/iptables file. Open the file using an editor. The content is as follows:

# Firewall configuration written by system-config-firewall 
# Manual customization of this file is not recommended. 
*filter 
:INPUT ACCEPT [0:0] 
:FORWARD ACCEPT [0:0] 
:OUTPUT ACCEPT [0:0] 
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
COMMIT

The following rule is often suggested on the Internet:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3001 -j ACCEPT

I tested the above code in CentOS 6.5 and it didn't work.

If we need to open port 8080 to the outside world, add the following rule to the above file:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

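Also note that this rule must be added after the line

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

and before the REJECT rule; otherwise the port will not be opened either. iptables evaluates the rules of a chain in order and stops at the first match, so an ACCEPT placed after the catch-all REJECT is never reached. The final configuration is as follows: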

# Firewall configuration written by system-config-firewall 
# Manual customization of this file is not recommended. 
*filter 
:INPUT ACCEPT [0:0] 
:FORWARD ACCEPT [0:0] 
:OUTPUT ACCEPT [0:0] 
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
COMMIT
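A small checker for the two mistakes discussed above, added here as an example and not part of the original article: a rule placed after the catch-all REJECT, and a rule appended to a chain the file never declares (as with RH-Firewall-1-INPUT against the file shown earlier). The function name `lint_rules` and the sample file are constructed for illustration, and the check assumes match options precede `-j`, as in the files above.

```python
# Targets that end rule evaluation for a packet.
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# Constructed sample in /etc/sysconfig/iptables format: the 8080 rule sits
# after the catch-all REJECT, and one rule names an undeclared chain.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3001 -j ACCEPT
COMMIT
"""

def lint_rules(text):
    """Return (line_number, message) findings for one iptables rules file."""
    declared, catch_all, findings = set(), {}, []
    for num, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0].startswith("*"):        # new table: chains are per table
            declared, catch_all = set(), {}
        elif tokens[0].startswith(":"):      # chain declaration, e.g. ":INPUT ACCEPT [0:0]"
            declared.add(tokens[0][1:])
        elif tokens[0] == "-A" and len(tokens) > 1:
            chain = tokens[1]
            if chain not in declared:
                findings.append((num, f"chain {chain} is not declared in this file"))
            elif chain in catch_all:
                findings.append(
                    (num, f"never reached: follows catch-all rule on line {catch_all[chain]}"))
            elif tokens[2:3] == ["-j"] and tokens[3:4] and tokens[3] in TERMINAL:
                # No match options before -j: this rule decides every packet.
                catch_all[chain] = num
    return findings

if __name__ == "__main__":
    for line_number, message in lint_rules(SAMPLE):
        print(f"line {line_number}: {message}")
```

Running it against a copy of the edited file before `service iptables restart` catches a misplaced rule without touching the live firewall.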

Editing the above file requires root privileges (for example, via su).

After saving the file, run the following command in a terminal to apply the updated firewall configuration:

service iptables restart

The following command lists the current rules, including the open ports:

/sbin/iptables -L -n 

The following commands enable or disable the firewall at boot (takes effect after restarting the system):

Enable: chkconfig iptables on
Disable: chkconfig iptables off

The following commands start or stop the firewall (effective immediately, but not persistent across a restart):

Start: service iptables start
Stop: service iptables stop
